A Primer on Distributed Validator Technology

Blockchain, Infrastructure

Ethereum's PoS protocol faces centralisation due to validator dependencies. We examine Distributed Validator Technology (DVT) as a solution, with projects like Obol Network and SSV Network allowing multiple nodes to act as a single validator, reducing failure points and enhancing network security.

Share this article:
LinkedinX
March 2, 2023

Staking-as-a-Service

As with every cyclical event in crypto, the Liquid Staking Derivative narrative is once again back on its feet amassing even more buzz on CT with the forthcoming Shapella hardfork - the combination of the Shanghai and Capella hardforks where the Capella upgrade updates the Consensus Layer so blocks can accept withdrawal operations and the EIP-4895 in Shanghai, that pushes the withdrawals from the Consensus Layer to the EVM, where they are completed and realised.

The success of Staking-as-a-Service protocols like Lido has been noteworthy in the past year. Lido has seen tremendous growth in the number of staked ETH, reaching over 5 million ETH since its launch in late 2020. This has been attributed to the convenience and accessibility of Lido's staking service, which allows users to stake their ETH without having to run a node themselves but, Ethereum's Proof-of-Stake protocol is facing a centralisation problem. Blockchain technology has been around for over a decade, but scaling issues still persist in most of the popular blockchain networks. One of the main issues is the lack of diversity among clients, which means that a few nodes are responsible for most of the network's transactions. This results in centralisation and increased security risks. The root problem is that a single staking node directly controls how any one validator behaves meaning that ETH depositors for that validator have to have a lot of trust in that one node operator. This is where Distributed Validator Technology (DVT) comes in - multi-signature-like technology but for consensus votes! But how does it work exactly?

Validators and Consensus

Distributed Validator Technology is an emerging field that aims to develop more efficient and decentralised methods for validating transactions on blockchain networks by allowing cluster of nodes to be ran by individuals, groups, or communities of operators that act together as a single validator on Ethereum. With the successful completion of The Merge, Ethereum development pushes forward with new technologies according to Vitalik’s Roadmap!

Vitalik’s Ethereum Roadmap of The Merge.

This solution enables multiple non-trusting parties to collectively operate a validator, resulting in fewer single points of validator failure, fortifying the operations of at-home validators, institutions, and staking services alike. Validators are like security guards on the Ethereum network - they check and verify transactions to make sure everything is safe and reliable. A validator node has different components, including:

  • 💾 Client software: This is the software used by validators to connect to the Ethereum network and carry out their tasks.
  • 💰 Staking deposit: To perform their duties, validators need to have a deposit of at least 32 ETH. This deposit serves as a guarantee that they will perform their tasks properly, and can be taken away if they do something wrong.
  • 🔑 Signing key: Validators possess a special private key that they use to sign blocks and attestations, proving that they have completed their tasks.
  • 🚦 Network connection: Validators require a reliable internet connection to perform their tasks. If their connection is poor, they may miss blocks and attestations, which can lead to trouble.
  • 🚨 Monitoring and alerting: Validators must monitor their work to ensure that they are carrying out their tasks properly. They also require a means of receiving a warning if something goes awry.

Validators are crucial for the Ethereum network - by being a validator, you help keep the network secure and efficient for everyone who uses it. Validators create two sets of keys: validator keys for participating in consensus and withdrawal keys for accessing funds. While withdrawal private keys can be kept secure in cold storage, validator private keys need to be online for validator signing duties, increasing the risk of theft. If a validator private key is compromised, an attacker can take control of the validator and potentially cause it to be penalised and lose ETH.

❗️ Each component can represent a potential single point of failure.

If over one-third of Ethereum validators become offline at the same time, the network will not be able to reach finality and will fail to operate as intended. To discourage such widespread failures, slashing penalties increase in proportion to the number of offending validators. In the end, these penalties encourage operators to use a diverse stack of components to ensure that validators remain online and that the network stays active.

To put this in perspective, consider the risks of hosting validator nodes on centralised cloud services - if an operator using AWS forgets to pay their bill or, in a more extreme scenario, is unexpectedly banned from the service, the validator will go offline and begin to lose ETH. Although inactivity penalties for individual validators are not very severe, the network effects of validator downtime can be much worse. To ensure robustness against component failures, operators can implement redundant systems as fail-safes. However, attempting to achieve redundancy for all components is nearly impossible and can result in catastrophic consequences if done naively. This is the key area that DVT is designed to address.

Cluster Operation

DVT enables validator operators to maintain control over their system configurations and collaborate in a trust-minimised way to enhance operational safety. ETH stakers can retain custody of their funds by selecting operators to create and run validation key shares, while also designating withdrawal and fee recipient addresses for receiving staking proceeds.

A Distributed Validator (DV) cluster operates by having each node hold a key share of a complete validator key. This is done so that the full validator key never exists in one location at any point in time. When active, each node in a DV cluster attests using their key share. This generates partial BLS attestations, which are fancy cryptographic signatures. The partial attestations are then combined using threshold BLS aggregation to attest as a full validator node. Without getting into the math of how it’s done, this means that as long as the threshold of active validator nodes is met (3 out of 4, 5 out of 7, 7 out of 10, etc.), the DV cluster will attest normally. In other words, even if some of the nodes in a DV cluster go offline, it would not affect the overall performance of the cluster as long as enough nodes are live to meet the signing threshold.

Example of a 3-of-4 DVT setup by @Leo_Glisic.

Regardless of your role as a validator or your beliefs regarding the distribution of validators, DVT serves as a decentralising force for the entire Ethereum network. It adds resiliency and reduces risk, making it a technology primitive that benefits everyone in the Ethereum ecosystem.

DVT Implementations

DVT was first conceptualised by Ethereum Foundation researchers in 2019 and it is under development as a plug-and-play middleware solution - like Flashbot’s MEV-Boost sidecar - that sits between existing infrastructure components to enhance a validator’s operation. One might expect wildfire adoption similar to MEV-Boost due to its expected benefits and ease of use.

To avoid single points of failure in its validator network, liquid staking giant Lido has provided grants to primary projects building DVT infrastructure, Obol Network and SSV Network.

Obol Labs is releasing a middleware client called Charon, which enables DVT. Validator clients send their output messages with their votes, and Charon's multi-sig combines them and relays the vote to four beacon clients. These clients then communicate the vote to the beacon chain. Charon never needs the validator key, making it a good choice for institutions and CEXs that are wary of handing it over.

On the other hand, SSV Network is releasing a network infrastructure layer for decentralised staking. In SSV's model, each validator selects 4 node operators from the operator network to multi-sig vote for that validator. SSV’s software isn't strictly a middleware solution. The network is comprised of a custom-built validator client that holds and signs with the key shares it decrypts from the SSV smart contract.

Final Thoughts

It is exciting to witness the launch of these two projects and to observe how Lido and other entities will adopt them. The race for mainnet DVT is currently underway, with both SSV and Obol Network aiming for public releases in 2023. With careful execution, this technology will provide additional assurance to both large and small ETH stakers. It will not only improve validator security, uptime, and profitability, but if adopted by a significant number of validators, it will also offer an additional layer of resilience to the Ethereum network.

DVT opens up a whole new design space, and we need everyone to think about the best ways to utilise it towards more decentralisation!

Distributed validator technology (DVT) is an approach to validator security that spreads out key management and signing responsibilities across multiple parties, to reduce single points of failure, and increase validator resiliency.
March 2, 2023